Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-40626HistorySep 14, 2022 - 11:15 a.m.
CVE-2022-40626
2022-09-1411:15:53
Debian Security Bug Tracker
security-tracker.debian.org
23
cve-2022-40626
reflected javascript code
backurl parameter
zabbix frontend
fake account
predefined login
password
role
unix
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
35.5%
An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | zabbix | < 1:6.0.7+dfsg-2 | zabbix_1:6.0.7+dfsg-2_all.deb |
| Debian | 11 | all | zabbix | < 1:5.0.8+dfsg-1 | zabbix_1:5.0.8+dfsg-1_all.deb |
| Debian | 999 | all | zabbix | < 1:6.0.7+dfsg-2 | zabbix_1:6.0.7+dfsg-2_all.deb |
| Debian | 13 | all | zabbix | < 1:6.0.7+dfsg-2 | zabbix_1:6.0.7+dfsg-2_all.deb |
Related
cve
cve
CVE-2022-40626
2022-09-14 11:15:53
osv
osv
CVE-2022-40626
2022-09-14 11:15:53
cvelist
cvelist
CVE-2022-40626 Reflected XSS in the backurl parameter of Zabbix Frontend
2022-09-14 06:55:08
nvd
nvd
CVE-2022-40626
2022-09-14 11:15:53
ubuntucve
ubuntucve
CVE-2022-40626
2022-09-14 00:00:00
openvas
openvas
Fedora: Security Advisory for zabbix (FEDORA-2022-0d56cb7ee4)
2022-09-19 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: zabbix-6.0.8-1.fc37
2022-09-19 00:23:13
prion
prion
Code injection
2022-09-14 11:15:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
35.5%
Related for DEBIANCVE:CVE-2022-40626